Im am unopposed to this On Tue, Mar 30, 2021 at 2:49 PM Mike Hammett <[email protected]> wrote:
> Well right, but there's not really any way around that, short of having a > bunch of midgets you keep stacked in the basement with passwords written on > their foreheads and you summon them by yelling the name of the site or > service you need the password for. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"Mathew Howard" <[email protected]> > *To: *"AnimalFarm Microwave Users Group" <[email protected]> > *Sent: *Tuesday, March 30, 2021 2:42:19 PM > *Subject: *Re: [AFMUG] Ubiquiti played fast and loose with the truth? > > I think Steve's point is that if you have all of your stuff stored in one > place, if somebody gets access to that place, they have all your stuff. > Whether that place is Lastpass, a TXT file or a forehead isn't particularly > important. > > On Tue, Mar 30, 2021 at 2:23 PM Mike Hammett <[email protected]> wrote: > >> Right, I read that. That doesn't mean anything. It could have just as >> well said that they were previously stored in a TXT file on the desktop or >> written backwards on the SysAdmin's forehead. >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions <http://www.ics-il.com/> >> <https://www.facebook.com/ICSIL> >> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >> <https://www.linkedin.com/company/intelligent-computing-solutions> >> <https://twitter.com/ICSIL> >> Midwest Internet Exchange <http://www.midwest-ix.com/> >> <https://www.facebook.com/mdwestix> >> <https://www.linkedin.com/company/midwest-internet-exchange> >> <https://twitter.com/mdwestix> >> The Brothers WISP <http://www.thebrotherswisp.com/> >> <https://www.facebook.com/thebrotherswisp> >> >> >> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >> ------------------------------ >> *From: *"Steve Jones" <[email protected]> >> *To: *"AnimalFarm Microwave Users Group" <[email protected]> >> *Sent: *Tuesday, March 30, 2021 2:18:41 PM >> *Subject: *Re: [AFMUG] Ubiquiti played fast and loose with the truth? >> >> from the sounds of it thats how they gained the access >> >> Adam says the attacker(s) had access to privileged credentials that were >> previously stored in the LastPass >> <https://en.wikipedia.org/wiki/LastPass> account of a Ubiquiti IT >> employee, and gained root administrator access to all Ubiquiti AWS >> accounts, including all S3 data buckets, all application logs, all >> databases, all user database credentials, and secrets required to forge >> single sign-on (SSO) cookies. >> >> On Tue, Mar 30, 2021 at 2:10 PM Mike Hammett <[email protected]> wrote: >> >>> I don't know that LastPass really had anything to do with it, other than >>> that's where someone stored a password. >>> >>> >>> >>> ----- >>> Mike Hammett >>> Intelligent Computing Solutions <http://www.ics-il.com/> >>> <https://www.facebook.com/ICSIL> >>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>> <https://twitter.com/ICSIL> >>> Midwest Internet Exchange <http://www.midwest-ix.com/> >>> <https://www.facebook.com/mdwestix> >>> <https://www.linkedin.com/company/midwest-internet-exchange> >>> <https://twitter.com/mdwestix> >>> The Brothers WISP <http://www.thebrotherswisp.com/> >>> <https://www.facebook.com/thebrotherswisp> >>> >>> >>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>> ------------------------------ >>> *From: *"Steve Jones" <[email protected]> >>> *To: *"AnimalFarm Microwave Users Group" <[email protected]> >>> *Sent: *Tuesday, March 30, 2021 2:06:13 PM >>> *Subject: *Re: [AFMUG] Ubiquiti played fast and loose with the truth? >>> >>> hahaha, lastpass. I like to keep all eggs in a single basket, that way >>> when i have both hands in the cookie jar, all a guy need to do is walk off >>> with the basket and make an omelette >>> >>> On Tue, Mar 30, 2021 at 1:59 PM Cameron Crum <[email protected]> >>> wrote: >>> >>>> We are shocked. SHOCKED I say! >>>> >>>> On Tue, Mar 30, 2021 at 1:18 PM Robert Andrews <[email protected]> >>>> wrote: >>>> >>>>> I guess I should have not just put in a link without commenting... >>>>> >>>>> So: >>>>> >>>>> Why am I surprised? >>>>> >>>>> On 03/30/2021 11:15 AM, Robert Andrews wrote: >>>>> > >>>>> https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/ >>>>> > >>>>> > >>>>> >>>>> -- >>>>> AF mailing list >>>>> [email protected] >>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>> >>>> -- >>>> AF mailing list >>>> [email protected] >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>> >>> >>> -- >>> AF mailing list >>> [email protected] >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >>> -- >>> AF mailing list >>> [email protected] >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
